My Hash Is My Passport Understanding Web and Mobile Authentication

Total Page:16

File Type:pdf, Size:1020Kb

My Hash Is My Passport Understanding Web and Mobile Authentication My Hash Is My Passport Understanding Web and Mobile Authentication ShmooCon - January 17, 2016 David Schuetz Senior Consultant, NCC Group @DarthNull Introduction 2 Agenda • Background • Definitions and Goals • Commonly Used Authentication Systems • Other Systems • Overall Evaluation • Response Builder Tool • Conclusion 3 Background 4 Background • You enter your password in a web application. • What happens next? 5 Authentication Happens • The server decides whether you are you • How does your password get to the server? • “That Depends” • Many different methods in use today • Close look at the five most common ones 6 Why do we care? • There’s a right way, and a wrong way • Explain the systems to three different audiences: • Testers: need to understand to evaluate the app • Risk acceptors: need to understand test reports • Developers: need to implement it properly • Also, nice for users to get a peek behind the scenes 7 Definitions and Goals 8 Definitions and Such • Authentication vs Identification vs Authorization • Focus is on what the client application does • Sometimes it actually is Authentication • Sometimes it’s technically Authorization • We’ll just call it all Authentication for now 9 Focus • Looking at authentication “protocol” or system • Strictly how it’s “supposed to work” • Assuming client and server are legit • Not hacked • Not a phishing site • Not a formal security analysis • Almost all of these have had some issues • What can an attacker do? 10 Real World Authentication • Your friend Tim walks up and says “Hi.” • You look at him, say “Hi,” and begin talking. • That was easy!! 11 How’d that work? • Someone simply recognizes you • (or compares your face to a trusted ID) • It’s hard to spoof that appearance • Especially if you factor in other cues • Anyone can watch, without weakening security 12 Not as easy in “Cyberspace” • Server doesn’t have years of personal experience • Or brains evolved for facial and behavioral recognition • So it relies on some kind of “factor.” • Usually a proof of knowledge that only the user has • Like a password 13 The Crux of the Problem • How do you securely show that password to the server? • In real life, you wouldn’t shout it out… You’d whisper. • On the network, you hide it with encryption 14 It’s a series of tubes Internet Tim’s Password Client “Enchanter” Server Encrypted TLS connection 15 (Hopefully, opaque tubes) Internet Tim’s Password Client “Enchanter” Server Encrypted TLS connection Evil Hacker 16 “We’re safe — we use TLS!” • 2011: Certificate Authority DigiNotar hacked • Fake certificates issued • 2011: iOS “Basic Constraints” bug • Real certs can sign fake certs • 2012: Trustwave issues globally trusted wildcard cert • 2014: Heartbleed bug - can expose private keys • 2015: Superfish Adware • Self-signed certs on Lenovo laptops can MITM anything • ? - present: Self-trusted Corporate DLP Proxies 17 Attack Surfaces • Login • When the user first connects to a service • Session • Continuous authentication • While using the application • Restart (login again) • “Remember me” functionality • After application has been unused for a time 18 Attacks - Stealing Credentials • Network: Disable TLS • Transit: Server, server network • Use: Server or client • Target application software • Intercept keystrokes, search memory • Storage: Server or client • Server - steal and crack passwords • Client - steal locally stored passwords and tokens • Client - steal improperly cached credentials 19 Session Tokens • Could send your password with every request… • …or could send a special code that only lasts a day Request Session Token Client GET cat.gif XYZZY314 Server 20 Token Compromise • If an attacker can steal the session token • Break encryption, attack server, attack client • They can make requests while pretending to be you Client GET cat.gif XYZZY314 Server Hacker XFER $$$$$ XYZZY314 Server 21 Make the Tokens Expire Faster • Using a “Nonce” - random string - tied to the token • If the nonce is repeated, server refuses request Unique Nonce Client GET cat.gif 784Q XYZZY314 Server XFER $$$$$ 784Q XYZZY314 Hacker Server “BZZZT!” ! 22 Nonces and Timestamps and Sigs • Server tracks all the used nonces • Token has to be cryptographically tied to nonce • Otherwise hacker could just change the nonce • Include timestamps - server can discard old nonces • Still doesn’t cover all attacks, but enough for now 23 Commonly Used Systems 24 Commonly Used Systems • Dozens of “mainstream” systems available today • Only a few in common use • Will describe five in detail: • Password or “Basic” • Digest • NTLM • OAuth 1 • OAuth 2 • Basic, Digest, and NTLM generally built into browsers 25 Authorization: Basic 26 Authorization: Basic • Simply send your userid and password to the server 27 Assessment: Basic • Good: • Simplest method • Can use built-in browser form • Trigger with “WWW-Authenticate:” header • Or use HTML or Javascript form within a page • Bad: • Perfectly fine… IF you trust TLS • Use for sessions increases disclosure risk • (also, don’t ever put it in the URL…even hashed) 28 Authorization: Digest 29 Authorization: Digest • More complicated • Server sends unique parameters • Client combines these with the user’s password • Creates token that’s uniquely tied to the nonce • The password is never sent over the network • Optionally includes a signature of the request 30 Authentication Flow • Client requests a resource • Server replies “Authenticate with Digest, please” • Provides realm, nonce, algorithm choice, QOP • Client builds response, based on: • Server data, client data, user credentials request digest data settings data signature request 31 Computing Response MD5 • Server nonce: random string MD5 • Client nonce: random string userid realm password • Client counter: number server nonce • QOP: Quality of Protection • “auth” or “auth-int” client counter • Server selects algorithm client nonce • MD5 qop • All are strings (hashes in hex) MD5 Joined with “:” • HTTP method path 32 Server challenge WWW-Authenticate: Digest nonce=“1450807853.38:E10B: 497c0eadca9e962b45e54cd2629399b3", realm="caerbannog", algorithm="MD5", opaque="ADAC33E813C0CE930F4744C90E02396E", qop="auth", stale="false" 33 Hashes and Nonces MD5('tim:caerbannog:Enchanter') = 005a400eaf17492454011ddeb50c4a60 MD5('GET:/') = 71998c64aea37ae77020c49c00f73fa8 MD5(‘005a400eaf17492454011ddeb50c4a60: 1450807853.38:E10B: 497c0eadca9e962b45e54cd2629399b3: 00000002:9cf9d4679b7d83fb:auth: 71998c64aea37ae77020c49c00f73fa8') = df529127ed79076430be29b897622ae5 34 Complete Response Authorization: Digest username="tim", nonce=“1450807853.38:E10B: 497c0eadca9e962b45e54cd2629399b3", realm=“caerbannog", algorithm=MD5, qop=auth, uri="/", response="df529127ed79076430be29b897622ae5”, opaque="ADAC33E813C0CE930F4744C90E02396E", nc=00000002, cnonce="9cf9d4679b7d83fb" 35 Assessment: Digest • Not as frequently used for session credentials • Good: • Client / sever nonce help prevent replay attacks • Password not sent over the network • QOP auth-int detects modification of request • Bad: • Relies on MD5(username:realm:password) • Hash compromise allows immediate account access • Completed response may be vulnerable to brute-force • Uncertain support for auth-int 36 NTLM 37 NTLM • Windows NT LAN Manager authentication • Proprietary, not very well publicly documented • Binary protocol, very complicated request NTLM? Sure! Challenge Response 38 Type 1 - Client Begins • Server requests NTLM • Client responds with “Type 1” message HTTP/1.1 401 Unauthorized WWW-Authenticate: NTLM Authorization: NTLM TlRMTVNTUAABAAAAB4IIAAAAAAAAAAAAAAAAAAAAAAA= 4e54 4c4d 5353 5000 0100 0000 0782 0800 NTLMSSP......... 0000 0000 0000 0000 0000 0000 0000 0000 ................ 39 Type 2 - Server Challenge • Server responds with challenge WWW-Authenticate: NTLM [long base64 string] 4e54 4c4d 5353 5000 0200 0000 1000 1000 NTLMSSP......... 3000 0000 0102 8100 6e64 fc33 bb92 a567 0.......nd.3...g 0000 0000 0000 0000 8000 8000Server 4000Challenge 0000 ............@... 6d00 7900 7400 6100 7200 6700 6500 7400 m.y.t.a.r.g.e.t. 0200 0000 0100 1400 6d00 7900 6300 6f00 ........m.y.c.o. 6d00 7000 7500 7400 6500 7200 0400 2800 m.p.u.t.e.r...(. 6d00 7900 6400 6f00 6d00 6100 6900 6e00 m.y.d.o.m.a.i.n. 2e00 6500 7800 6100 6d00 7000 6c00 6500 ..e.x.a.m.p.l.e. 2e00 6300 6f00 6d00 0300 2c00 6d00 7900 ..c.o.m...,.m.y. 6300 6f00 6d00 7000 7500 7400 6500 7200 c.o.m.p.u.t.e.r. 2e00 6500 7800 6100 6d00 7000 6c00 6500 ..e.x.a.m.p.l.e. 2e00 6300 6f00 6d00 0000 0000 0000 0000 ..c.o.m......... Target Block 40 Response - NTLMv1 • Calculate NTLM hash of user’s password • Pad with 5 bytes of zeroes to make 21 bytes • Convert to 3 DES keys, 64-bits each • Spread bits out in 7-bit blocks • Add parity bits in between and at end • Read back as 8-byte, 64 bit key (x3) • Encrypt the challenge with each key in turn • Append all the results into one long response • Repeat with LM hash 41 Building DES Keys MD4(UTF-16(“Enchanter”)) = 52dac53d34d998ee55b1137d647e93ce Hash: 5 2 d a c 5 Binary: 0101 0010 1101 1010 1100 0101 ... Spread: 0101 001x 0110 110x 1011 000x 101 ... Parity: xxxx xxx0 xxxx xxx1 xxxx xxx0 .... Keys: 5 2 d 6 b 0 .... Final keys: 526db0a7d3a76731, ef2a6d2337ea91fd, 92e6800101010101 Key 1 Challenge DES MD4 password Key 2 Challenge DES padding Re-arrange Bits Key 3 Challenge DES 42 Encrypting Response Server challenge: 6e64fc33bb92a567 key1 = 526db0a7d3a76731, c1 = 8f86b036e38ac5b8 key2 = ef2a6d2337ea91fd, c2 = f5913b338af9912e key3 = 92e6800101010101, c3 = e3037866d94f62d7 NTLM V1 response: 8f86b036e38ac5b8f5913b338af9912ee3037866d94f62d7
Recommended publications
  • Supporting Secure Services on Dynamic Aggregation of Heterogeneous Networks
    Supporting Secure Services on Dynamic Aggregation of Heterogeneous Networks SUBMITTED TO UNIVERSITY OF SOUTHERN QUEENSLAND IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY David Tai Wai Lai July 2010 Certification of Dissertation I certify that the ideas, experimental work, results, analysis, software, and conclusions reported in this dissertation are entirely my own effort, except where otherwise acknowl- edged. I also certify that the work is original and has not been previously submitted for any other award or degree. Signature of Candidate Date Endorsement Signature of Supervisor Date ii I certify that I have read this dissertation and that, in my opin- ion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy. Dr. Zhongwei Zhang (University of Southern Queensland) I certify that I have read this dissertation and that, in my opin- ion, it is fully adequate in scope and quality as a dissertation for the degree of Doctor of Philosophy. Dr. Shan Suthaharan (University of Northern Carolina at Greensboro) iii iv Abstract Sharing of services over IP networks prove to be an effective approach to satisfy the demand of network users when their home network cannot offer the required services. Authenti- cation, authorization and revocation are some of the important challenges in the service sharing services over IP networks. This research address the problem associated with the authentication because it becomes more and more complicated due to the incompatible au- thentication schemes used by individual autonomous networks, privacy of authentication information, and the overhead in establishing the sharing.
    [Show full text]
  • Etsi Tr 133 995 V13.0.1 (2017-04)
    ETSI TR 133 995 V13.0.1 (2017-04) TECHNICAL REPORT Universal Mobile Telecommunications System (UMTS); LTE; Study on security aspects of integration of Single Sign-On (SSO) frameworks with 3GPP operator-controlled resources and mechanisms (3GPP TR 33.995 version 13.0.1 Release 13) 3GPP TR 33.995 version 13.0.1 Release 13 1 ETSI TR 133 995 V13.0.1 (2017-04) Reference RTR/TSGS-0333995vd01 Keywords LTE,SECURITY,UMTS ETSI 650 Route des Lucioles F-06921 Sophia Antipolis Cedex - FRANCE Tel.: +33 4 92 94 42 00 Fax: +33 4 93 65 47 16 Siret N° 348 623 562 00017 - NAF 742 C Association à but non lucratif enregistrée à la Sous-Préfecture de Grasse (06) N° 7803/88 Important notice The present document can be downloaded from: http://www.etsi.org/standards-search The present document may be made available in electronic versions and/or in print. The content of any electronic and/or print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any existing or perceived difference in contents between such versions and/or in print, the only prevailing document is the print of the Portable Document Format (PDF) version kept on a specific network drive within ETSI Secretariat. Users of the present document should be aware that the document may be subject to revision or change of status. Information on the current status of this and other ETSI documents is available at https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx If you find errors in the present document, please send your comment to one of the following services: https://portal.etsi.org/People/CommiteeSupportStaff.aspx Copyright Notification No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm except as authorized by written permission of ETSI.
    [Show full text]
  • State of North Carolina Request for Proposal No
    STATE OF NORTH CAROLINA REQUEST FOR PROPOSAL NO. 41-100358-001 Department of Information Technology Offers will be publicly opened: April 29, 2020 at 2:00pm EST Issue Date: March 2, 2020 Refer ALL inquiries regarding this RFP to: Commodity Number: 920 Leroy Kodak] Description: Identity Access Management System [email protected]] Using Agency: Department of Information [919-754-6665] Technology Requisition No.: None OFFER The State solicits offers for Services and/or goods described in this solicitation. All offers and responses received shall be treated as Offers to contract. EXECUTION In compliance with this Request for Proposal, and subject to all the conditions herein, the undersigned offers and agrees to furnish any or all Services or goods upon which prices are offered, at the price(s) offered herein, within the time specified herein. By executing this offer, I certify that this offer is submitted competitively and without collusion. Failure to execute/sign offer prior to submittal shall render offer invalid. Late offers are not acceptable. OFFEROR: STREET ADDRESS: P.O. BOX: ZIP: CITY, STATE & ZIP: TELEPHONE NUMBER: TOLL FREE TEL. NO PRINT NAME & TITLE OF PERSON SIGNING: FAX NUMBER: AUTHORIZED SIGNATURE: DATE: E-MAIL: Offer valid for one hundred twenty (120) days from date of offer opening unless otherwise stated here: ____ days ACCEPTANCE OF OFFER If any or all parts of this offer are accepted, an authorized representative of the Department of Information Technology shall affix their signature hereto and any subsequent Request for Best and Final Offer, if issued. Acceptance shall create a contract having an order of precedence as follows: Best and Final Offers, if any, Special terms and conditions specific to this RFP, Specifications of the RFP, the Department of Information Technology Terms and Conditions, and the agreed portion of the awarded Vendor’s Offer.
    [Show full text]
  • BIG-IP Access Policy Manager
    DATA SHEET BIG-IP Access Policy Manager WHAT'S INSIDE Simple, Secure, and Seamless Access to 2 Bridging Secure Any Application, Anywhere Application Access Applications are gateways to your critical and sensitive data. Simple, secure access to 17 BIG-IP APM Features your applications is paramount, but application access today is extremely complex. Apps 19 F5 BIG-IP Platforms can be hosted anywhere—in the public cloud, in a private cloud, on-premises, or in a data center. Ensuring users have secure, authenticated access anytime, anywhere, to only the 19 F5 Support Services applications they are authorized to access is now a significant challenge. There are different application access methods to deal with these complexities. There are also various sources for authorized user identity, as well as dealing with applications that require modern or more traditional authentication and authorization methods, single sign-on (SSO), federation, and more, in addition to ensuring a secure, simple user access experience to support and consider. With digital transformation touching every part of an enterprise today, native cloud and Software as a Service (SaaS) applications are now the enterprise application standard. Many organizations, though, find they’re unable or unwilling to migrate all their applications to the cloud. There may be mission-critical classic or custom applications that cannot or should not support migration to the public cloud or be easily replaced by a SaaS solution. Applications are being hosted in a variety of locations, with differing and many times disparate authentication and authorization methods that are unable to communicate with each other or work seamlessly across existing SSO or federated identity.
    [Show full text]
  • Oracle Mobile Security a Technical Overview
    Oracle Mobile Security A Technical Overview ORACLE WHITE PAPER | MAY 2015 Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle. ORACLE MOBILE SECURITY Table of Contents Disclaimer 1 Executive Overview 1 Oracle Mobile Security – Address Employee and Consumer use cases 2 Oracle Mobile Security Suite – Enterprise Mobility Management Solution 3 Assembling the Blocks – Core Solution Components 4 Oracle Mobile Security Container 5 Oracle Mobile Security App Containerization Tool 6 Oracle Mobile Security Access Server (MSAS) 6 Oracle Mobile Security Manager 7 Oracle Access Management Mobile and Social 7 OAuth Support 8 Extending Enterprise Security to Mobile Apps 9 Oracle Mobile and Social Client SDKs 16 Conclusion 17 Appendix: The New Mobile Computing Paradigm 18 Mobile App Development Models 18 Oracle Platform Security Services 19 REST 19 JSON 19 JSON Web Token 19 OpenID and OpendID Connect 19 OAuth 20 ORACLE MOBILE SECURITY SAML 22 WS-Security and SOAP 22 ORACLE MOBILE SECURITY Executive Overview Mobile computing gradually allows us to make the elusive “anytime, anywhere access” mantra a reality. More and more employees use their own mobile device in the workplace, a phenomenon known as “Bring Your Own Device” (BYOD), resulting in employees using the same device for personal and business purposes.
    [Show full text]
  • AUTHSCAN: Automatic Extraction of Web Authentication Protocols from Implementations∗
    AUTHSCAN: Automatic Extraction of Web Authentication Protocols from Implementations∗ Guangdong Bai?, Jike Lei?, Guozhu Meng?, Sai Sathyanarayan Venkatraman?, Prateek Saxena?, Jun Suny, Yang Liuz, and Jin Song Dong? ∗National University of Singapore ySingapore University of Technology and Design zNanyang Technological University Abstract than 250 million people reportedly use it every month as of 2011 [7]. Ideally, authentication protocols should be for- Ideally, security protocol implementations should be for- mally verified prior to their implementations. However, mally verified before they are deployed. However, this is majority of web sites do not follow this principle. Au- not true in practice. Numerous high-profile vulnerabilities thentication protocols have historically been hard to design have been found in web authentication protocol implemen- correctly and implementations have been found susceptible tations, especially in single-sign on (SSO) protocols imple- to logical flaws [31, 41]. Web authentication protocols are mentations recently. Much of the prior work on authentica- no exception—several of these implementations have been tion protocol verification has focused on theoretical foun- found insecure in post-deployment analysis [16, 29, 39, 42]. dations and building scalable verification tools for checking There are three key challenges in ensuring that appli- manually-crafted specifications [17, 18, 44]. cations authenticate and federate user identities securely. In this paper, we address a complementary prob- First, most prior protocol verification work has focused on lem of automatically extracting specifications from im- checking the high-level protocol specifications, not their plementations. We propose AUTHSCAN, an end-to-end implementations [13,21,44]. In practice, however, checking platform to automatically recover authentication protocol implementations is difficult due to lack of complete infor- specifications from their implementations.
    [Show full text]
  • Single Sign-On the Way It Should Be
    Single sign-on the way it should be 6 ways Citrix Workspace delivers seamless access to all apps while improving security and the user experience Contents Single sign-on (SSO) solutions .......................................................................3 Secure access to everything ...........................................................................5 Granular controls for SaaS apps and the web ...........................................6 Control over your user identity ......................................................................7 Security beyond user names and passwords ............................................8 Seamless integration with your existing environment ..........................9 Resolving issues faster with end-to-end visibility ............................... 10 ↑ Back← Pg. to 2 contents | Pg. 4 → Citrix.com 2 Single sign-on (SSO) solutions were designed to make life easier for employees and IT. They’re meant to reduce the cost of management and provide better security, all while delivering an improved user experience. However, many solutions fall short, covering only one type or a subset of application types. This forces you to implement several access solutions from different vendors to cover your entire application landscape — negating the productivity and user experience benefits you hoped for. The complexity this type of implementation creates also runs counter to the Zero Trust initiatives that many organizations are undertaking Citrix Workspace helps you unify all apps and data across your distributed IT architecture to provide single sign-on to all the applications and data people need to be productive. Working with your existing infrastructure, Citrix Access Control consolidates multiple remote access solutions, like traditional VPNs or SSO solutions, simplifying management for IT and providing unified access for employees. ↑ Back to contents ← Pg. 2 | Pg. 4 → 3 Citrix.com | e-book | Choosing a Single Sign-On Solution ↓ 6 benefits of the Citrix Workspace SSO solution ↑ ← Pg.
    [Show full text]
  • 3GPP Report Skeleton
    ATIS 3GPP SPECIFICATION ATIS.3GPP.33.924.V1010-2012 3rd Generation Partnership Project; Technical Specification Group Services and System Aspects; Identity management and 3GPP security interworking; Identity management and Generic Authentication Architecture (GAA) interworking (Release 10) Approved by WTSC Wireless Technologies and Systems Committee 3GPP ATIS is committed to providing leadership for, and the rapid development and promotion of, worldwide technical and operations standards for information, entertainment and communications technologies using a pragmatic, flexible and open approach. < http://www.atis.org/ > The text in this ATIS Specification is identical to 3GPP TR 33.924 V10.1.0 (2011-06). Please note that ATIS.3GPP.33.924.V1010-2012 was developed within the Third Generation Partnership Project (3GPP™) and may be further elaborated for the purposes of 3GPP™. The contents of ATIS.3GPP.33.924.V1010-2012 are subject to continuing work within the 3GPP™ and may change following formal 3GPP™ approval. Should the 3GPP™ modify the contents of ATIS.3GPP.33.924.V1010-2012 it will be re-released by the 3GPP™ with an identifying change of release date and an increase in version number. The user of this Specification is advised to check for the latest version of 3GPP TR 33.924 V10.1.0 (2011-06) at the following address: ftp://ftp.3gpp.org/Specs/ (sorted by release date) The user is further advised to verify the changes over the version listed as the approved basis for this Specification and to utilize discretion after identifying any changes. 3GPP Support Office 650 Route des Lucioles -- Sophia Antipolis Valbonne – France tel: +33 4 92 94 42 00 fax: +33 4 93 65 47 16 web: http://www.3gpp.org "3GPP" is a registered trademark of ETSI in France and other jurisdictions on behalf of the 3rd Generation Partnership Project Organizational Partners (ARIB, ATIS, CCSA, ETSI, TTA, TTC).
    [Show full text]
  • Discovering Concrete Attacks on Website Authorization by Formal Analysis Chetan Bansal, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Sergio Maffeis
    Discovering concrete attacks on website authorization by formal analysis Chetan Bansal, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Sergio Maffeis To cite this version: Chetan Bansal, Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Sergio Maffeis. Discovering con- crete attacks on website authorization by formal analysis. Journal of Computer Security, IOS Press, 2014, 22 (4), pp.601-657. 10.3233/JCS-140503. hal-01102202 HAL Id: hal-01102202 https://hal.inria.fr/hal-01102202 Submitted on 15 Apr 2016 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Discovering Concrete Attacks on Website Authorization by Formal Analysis1 Chetan BANSAL a, Karthikeyan BHARGAVAN b;2, Antoine DELIGNAT-LAVAUD b and Sergio MAFFEIS c a BITS Pilani-Goa b Inria Paris-Rocquencourt c Imperial College London Abstract. Social sign-on and social sharing are becoming an ever more popular feature of web applications. This success is largely due to the APIs and support of- fered by prominent social networks, such as Facebook, Twitter, and Google, on the basis of new open standards such as the OAuth 2.0 authorization protocol. A for- mal analysis of these protocols must account for malicious websites and common web application vulnerabilities, such as cross-site request forgery and open redi- rectors.
    [Show full text]
  • Recent Evolutions in the Oauth 2.0 and Openid Connect Landscape
    RECENT EVOLUTIONS IN THE OAUTH 2.0 AND OPENID CONNECT LANDSCAPE DR. PHILIPPE DE RYCK https://Pragmatic Web Security.com DR. PHILIPPE DE RYCK - Deep understanding of the web security landscape - Google Developer Expert (not employed by Google) - Course curator of the SecAppDev course (https://secappdev.org) Pragmatic Web Security High-quality security training for developers and managers Custom courses covering web security, API security, Angular security, … Consulting services on security, Oauth 2.0, OpenID Connect, … @PHILIPPEDERYCK @PhilippeDeRyck HTTPS://PRAGMATICWEBSECURITY.COM2 User authentication Read & write data @PhilippeDeRyck 3 User authentication Read & write data @PhilippeDeRyck 4 User authentication Read & write data @PhilippeDeRyck 5 OpenID Connect User authentication Read & write data OAuth 2.0 @PhilippeDeRyck 6 OpenID Connect User authentication Read & write data Read data OAuth 2.0 OAuth 2.0 @PhilippeDeRyck 7 Results in an identity token and access token User authentication Read & write data Read data Uses an access Uses an access token token @PhilippeDeRyck 8 OAUTH 2.0 AND OPENID CONNECT OpenID Connect provides user authentication OAuth 2.0 allows a client to access resources on behalf of the user Modern applications use a combination of both protocols @PhilippeDeRyck 9 THE OIDC HYBRID FLOW 5 Request client authorization 3 Authenticate yourself 4 Login credentials 6 Authorize client Authorization code 10 11 Access token / refresh token Redirect for with client credentials authentication 2 Redirect with 7 authorization
    [Show full text]
  • Oauth 2.0 and Openid Connect for Single Page Applications
    OAUTH 2.0 AND OPENID CONNECT FOR SINGLE PAGE APPLICATIONS DR. PHILIPPE DE RYCK https://Pragmatic Web Security.com A RESTAURANT REVIEW APPLICATION FRONTEND AND MOBILE APPLICATIONS APIS TO EMPOWER PARTNER SITES @PhilippeDeRyck OpenID Connect OAuth 2.0 Authenticate the user for me? Can I access the API please? Help me out here, is this client allowed to do that? OAuth 2.0 Can you handle this for me please? Here's an access token OAuth 2.0 @PhilippeDeRyck TERMINOLOGY This session OAuth 2.0 OpenID Connect User Resource Owner End-User API Resource Server Security Token Service (STS) Authorization Server OpenID Provider Client Client Relying Party @PhilippeDeRyck I am Dr. Philippe De Ryck Founder of Pragmatic Web Security Google Developer Expert Auth0 Ambassador / Expert SecAppDev organizer I help developers with security Academic-level security training Hands-on in-depth online courses Security advisory services https://pragmaticwebsecurity.com THE IMPLICIT FLOW 5 Allow the restograde app access? 3 Who are you? Authenticate please! 4 Authenticate to restograde.com 6 Authorize access Follow redirect to restograde.com 2 7 Redirect to the restograde app with access token 9 Request with 1 Navigate browser to restograde.com access token 8 Reload application with access token 10 Response THE IMPLICIT FLOW 5 Allow the restograde app access? 3 Who are you? Authenticate please! 4 Authenticate to restograde.com 6 Authorize access Follow redirect to restograde.com 2 Access tokens are sent in the insecure frontchannel. Refresh tokens are not 7 Redirect to the restograde app with access token allowed in the Implicit flow.
    [Show full text]
  • B-CRAM: a Byzantine-Fault-Tolerant Challenge-Response
    1 B-CRAM: A Byzantine-Fault-Tolerant Challenge-Response Authentication Mechanism Akshay Agrawal, Robert Gasparyan, Jongho Shin [email protected], [email protected], [email protected] Abstract—B-CRAM is an authentication protocol that the TTP is a single point of failure – if it were to fail, all enables applications to consult a distributed trusted third- authentication would come to a halt. We can alleviate this party (TTP) in order to validate end-user identities. shortcoming by distributing the KDC and maintaining Short for Byzantine-Fault-Tolerant Challenge-Response its state with a replication algorithm; indeed WebAuth, Authentication Mechanism, B-CRAM’s novelty lies in its Stanford’s own authentication system, does just that [16]. resilience to node failures, malicious or otherwise. The TTP layer, which stores end-user credentials, implements While replication increases redundancy, it does little the BFT2F replication algorithm. In particular, given a to guard against byzantine failures. In the context of TTP distributed 3f + 1 ways, our system guarantees both authentication, fault-tolerance to malicious attacks on safety and liveness when no more than f nodes fail; the TTPs is particularly important – a compromised moreover, we bound the space of possible attacks when no system could falsely authenticate imposters. None of the more than 2f nodes fail. B-CRAM prevents adversaries WebAuth, OpenID, or OAuth protocols require that their from obtaining sensitive end-user information, no matter TTPs survive byzantine faults [16], [8], [6]. Even if the how many TTPs they compromise: Unlike many other protocols did replicate their data using PBFT [2], security authentication protocols, B-CRAM ensures that TTPs do vulnerabilities would remain.
    [Show full text]